10419205

Establishing Entropy on a System

Published: September 17, 2019
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
19 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A computer-implemented method, comprising: provisioning a virtual computing system; generating, using a pseudorandom number generator of the virtual computing system, a first value; establishing a first cryptographic protocol connection using the first value; receiving, over the first cryptographic protocol connection, a second value generated using a random number generator; and using the second value to establish a second cryptographic protocol connection.

Plain English Translation

This invention relates to secure communication systems, specifically methods for establishing cryptographic protocol connections using pseudorandom and random number generation. The problem addressed is ensuring secure and reliable cryptographic connections in virtual computing environments where trust in random number generation may be limited. The method involves provisioning a virtual computing system, which may be a cloud-based or virtualized environment. A pseudorandom number generator within this system generates a first value, which is used to establish an initial cryptographic protocol connection. This connection is then used to receive a second value, generated by a separate random number generator, which is more secure than the pseudorandom generator. The second value is then used to establish a second, more secure cryptographic protocol connection. This approach ensures that even if the pseudorandom number generator is compromised, the final cryptographic connection remains secure due to the use of a more reliable random number generator for the critical second value. The method may be applied in secure communication protocols, virtual private networks, or other systems requiring cryptographic key exchange.
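The two-phase flow of Claim 1, as an added Python sketch that is not taken from the patent or from this page: two VM clones provisioned from the same image produce the same first value, then diverge once each folds a received second value into its pool. `BootstrapPool`, `entropy_service`, `bootstrap`, `second_connection_secret` and the 32-byte minimum are hypothetical names and assumptions, and the first connection's transport is replaced by a direct function call.

```python
import hashlib
import hmac
import secrets

MIN_SECOND_VALUE_LEN = 32  # assumption: require at least 256 bits from the service


class BootstrapPool:
    """Toy entropy pool for a freshly provisioned VM (hypothetical, illustrative)."""

    def __init__(self, image_state: bytes):
        # State captured in the machine image, so every clone starts identical.
        self._state = hashlib.sha256(b"pool-init" + image_state).digest()
        self.reseeded = False

    def generate(self, n: int, label: bytes) -> bytes:
        """Return n output bytes, then ratchet the state so output is not repeated."""
        out = b""
        counter = 0
        while len(out) < n:
            counter += 1
            out += hmac.new(self._state, label + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        return out[:n]

    def mix_in(self, second_value: bytes) -> None:
        """Fold the received value into the state instead of replacing the state."""
        if len(second_value) < MIN_SECOND_VALUE_LEN:
            raise ValueError("second value too short to reseed from")
        self._state = hmac.new(self._state, b"reseed" + second_value,
                               hashlib.sha256).digest()
        self.reseeded = True


def entropy_service(_first_value: bytes) -> bytes:
    """Stand-in for the remote generator; a real client would fetch this over TLS."""
    return secrets.token_bytes(48)


def second_connection_secret(pool: BootstrapPool) -> bytes:
    """Key material for the second connection; refused until the pool is reseeded."""
    if not pool.reseeded:
        raise RuntimeError("pool not reseeded; refusing to key the second connection")
    return pool.generate(32, b"second-connection")


def bootstrap(pool: BootstrapPool, fetch=entropy_service):
    """Run both phases; return (first_value, secret for the second connection)."""
    first_value = pool.generate(32, b"first-connection")
    second_value = fetch(first_value)  # in practice, carried by the first connection
    pool.mix_in(second_value)
    return first_value, second_connection_secret(pool)


def demo():
    image = b"constructed-golden-image-state"  # constructed sample input
    a_first, a_second = bootstrap(BootstrapPool(image))
    b_first, b_second = bootstrap(BootstrapPool(image))
    return {"clones_share_first_value": a_first == b_first,
            "clones_share_second_secret": a_second == b_second}


if __name__ == "__main__":
    print(demo())
```

Because `mix_in` folds the received value into the existing state rather than overwriting it, a second value seen by someone who could predict the first value never leaves the pool weaker than it was before the reseed.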

Claim 2

Original Legal Text

2. The computer-implemented method of claim 1, wherein the random number generator is provided by a second computing system, and wherein the second cryptographic protocol connection is with a third computing system.

Plain English Translation

This invention relates to secure communication systems using cryptographic protocols and random number generation. The problem addressed is ensuring secure and reliable cryptographic operations by distributing the generation of random numbers across multiple computing systems to enhance security and prevent single points of failure. The method involves establishing a first cryptographic protocol connection between a first computing system and a second computing system, where the second computing system provides a random number generator. The random number generator is used to generate cryptographic keys or other secure data required for the cryptographic protocol. A second cryptographic protocol connection is established between the first computing system and a third computing system, which may be used for additional security or redundancy. The random number generator from the second computing system is accessed to generate random numbers needed for cryptographic operations, ensuring that the randomness source is separate from the systems directly involved in the cryptographic protocol. This distribution of functions improves security by isolating the random number generation process from potential attacks on the primary cryptographic systems. The method may be used in secure communication protocols, key exchange mechanisms, or other cryptographic applications where reliable randomness is critical.

Claim 3

Original Legal Text

3. The computer-implemented method of claim 1, wherein the first cryptographic protocol connection is a Secure Sockets Layer (SSL) protocol connection or a Transport Layer Security (TLS) protocol connection.

Plain English Translation

This invention relates to secure communication protocols, specifically enhancing the security of cryptographic protocol connections such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). The problem addressed involves ensuring robust and secure data transmission in network communications, where vulnerabilities in cryptographic protocols can lead to unauthorized access or data breaches. The method involves establishing a cryptographic protocol connection, such as SSL or TLS, between a client and a server to secure data transmission. The connection is configured to use specific cryptographic parameters, including key exchange algorithms, encryption algorithms, and authentication mechanisms, to protect the integrity and confidentiality of the transmitted data. The method may also include validating the cryptographic parameters to ensure compliance with security standards and detecting or mitigating potential vulnerabilities in the connection. Additionally, the method may involve monitoring the connection for anomalies or attacks, such as man-in-the-middle attacks, and applying countermeasures to maintain security. The system may also support dynamic updates to cryptographic parameters to adapt to evolving threats. By enforcing strict cryptographic standards and continuously monitoring the connection, the method aims to prevent unauthorized access and ensure secure communication between parties.

Claim 4

Original Legal Text

4. The computer-implemented method of claim 1, wherein the random number generator is an entropy service.

Plain English Translation

This invention relates to cryptographic systems, specifically methods for generating secure random numbers. The problem addressed is the need for reliable, unpredictable random number generation in computing systems, which is critical for cryptographic operations, secure communications, and other applications requiring high entropy. The method involves using an entropy service as a random number generator. An entropy service is a specialized system or module designed to collect and provide high-quality entropy, which is a measure of unpredictability. This service may gather entropy from various hardware and software sources, such as environmental noise, system events, or dedicated hardware random number generators. By leveraging an entropy service, the method ensures that the generated random numbers are cryptographically secure, resistant to prediction, and suitable for use in sensitive applications like encryption key generation, secure token creation, and random sampling in simulations. The method may also include steps for initializing the entropy service, configuring its parameters, and integrating it into a larger cryptographic framework. The entropy service may operate in real-time, continuously updating its entropy pool to maintain high unpredictability. Additionally, the method may include error handling mechanisms to detect and mitigate potential entropy depletion or other failures that could compromise security. By using an entropy service as the random number generator, the invention provides a robust solution for generating secure random numbers, addressing the challenges of unpredictability and reliability in cryptographic systems.

Claim 5

Original Legal Text

5. The computer-implemented method of claim 1, wherein the random number generator is a cryptographically-secure pseudorandom number generator.

Plain English Translation

This invention relates to cryptographic systems, specifically methods for generating secure random numbers. The problem addressed is the need for reliable, unpredictable random number generation in cryptographic applications, where weak randomness can compromise security. The method involves using a cryptographically-secure pseudorandom number generator (CSPRNG) to produce random numbers. A CSPRNG is designed to be unpredictable and resistant to statistical attacks, making it suitable for cryptographic operations such as key generation, encryption, and authentication. The generator uses a deterministic algorithm seeded with a truly random or sufficiently unpredictable initial value, ensuring that the output appears random even if the internal state is partially exposed. The method may include additional steps such as initializing the generator with a secure seed, generating random numbers on demand, and ensuring the generator's output meets cryptographic standards for randomness. The system may also include error handling to prevent predictable outputs in case of failures. The use of a CSPRNG ensures that the generated numbers are secure against attacks, providing a robust solution for cryptographic applications.

Claim 6

Original Legal Text

6. The computer-implemented method of claim 1, wherein the random number generator operates with higher entropy than the pseudorandom number generator.

Plain English Translation

A computer-implemented method enhances cryptographic security by integrating a random number generator (RNG) with higher entropy than a pseudorandom number generator (PRNG). The method addresses vulnerabilities in systems relying solely on PRNGs, which can be predictable and compromised if their internal state is exposed. By incorporating an RNG with superior entropy, the system generates more unpredictable and secure random values, reducing the risk of cryptographic attacks. The RNG may derive entropy from physical processes, such as hardware noise or environmental factors, ensuring robustness against computational prediction. The method can be applied in cryptographic key generation, secure authentication, and other security-sensitive applications where high-quality randomness is critical. The PRNG may still be used for efficiency in non-critical operations, while the RNG provides entropy for high-security tasks. This hybrid approach balances performance and security, mitigating weaknesses inherent in PRNGs alone. The system ensures that sensitive operations rely on true randomness, enhancing overall system resilience against adversarial exploitation.

Claim 7

Original Legal Text

7. A system, comprising: one or more processors; and memory to store instructions that, if executed by the one or more processors, cause the system to: generate, using a pseudorandom number generator, a first value; establish a first encrypted connection using the first value; receive, over the first encrypted connection, a second value generated using a random number generator; and use the second value to establish a second encrypted connection.

Plain English Translation

This invention relates to secure communication systems, specifically methods for establishing encrypted connections using pseudorandom and random number generation. The system addresses the challenge of securely exchanging cryptographic keys or initialization values between parties to establish encrypted connections, particularly in scenarios where pre-shared keys or trusted third parties are unavailable. The system includes one or more processors and memory storing instructions for generating a first value using a pseudorandom number generator. This first value is used to establish an initial encrypted connection between communicating parties. Over this first encrypted connection, the system receives a second value generated by a random number generator at the remote party. The second value is then used to establish a second, more secure encrypted connection. The use of a pseudorandom number generator for the first value and a random number generator for the second value ensures that the initial connection is sufficiently secure while the second connection benefits from higher entropy, reducing the risk of cryptographic attacks. The system may be applied in secure communication protocols, key exchange mechanisms, or authentication systems where multiple layers of encryption are required.

Claim 8

Original Legal Text

8. The system of claim 7, wherein the random number generator is a hardware random number generator.

Plain English Translation

A system for secure cryptographic operations includes a hardware random number generator to produce cryptographic keys or other random values. The hardware random number generator is implemented in dedicated circuitry, such as an integrated circuit, to ensure high entropy and resistance to prediction or manipulation. This hardware-based approach enhances security by reducing reliance on software-based randomness, which may be vulnerable to deterministic algorithms or environmental biases. The system may integrate the hardware random number generator with cryptographic processing units, such as encryption/decryption modules or key management systems, to generate secure keys for symmetric or asymmetric cryptographic operations. The hardware generator may also be used in authentication protocols, secure boot processes, or other applications requiring high-quality randomness. By using dedicated hardware, the system mitigates risks associated with software-based randomness, such as insufficient entropy or side-channel attacks, ensuring robust security for cryptographic functions. The hardware random number generator may be designed to comply with industry standards for cryptographic randomness, such as NIST SP 800-90A, to guarantee reliability in security-critical applications.

Claim 9

Original Legal Text

9. The system of claim 7, wherein the random number generator is an entropy service provided by a different system.

Plain English Translation

Technical Summary: This invention relates to cryptographic systems that utilize random number generation for secure operations. The problem addressed is ensuring high-quality randomness in cryptographic processes, which is critical for security but can be resource-intensive or unreliable if generated locally. The system includes a cryptographic module that performs secure operations, such as encryption or key generation, requiring random numbers. To enhance security and reliability, the random number generation is offloaded to an external entropy service. This service is provided by a different system, meaning it operates independently of the cryptographic module, reducing the risk of bias or predictability in the random numbers. The external service may leverage hardware-based entropy sources, environmental noise, or other high-entropy inputs to produce cryptographically secure random values. By relying on an external provider, the system avoids potential weaknesses in local random number generation, such as limited entropy sources or vulnerabilities in software-based generators. This approach improves security by ensuring that the random numbers used in cryptographic operations are robust and resistant to attacks.

Claim 10

Original Legal Text

10. The system of claim 7, wherein the random number generator is a cryptographically-secure pseudorandom number generator.

Plain English Translation

A system for generating cryptographically-secure pseudorandom numbers is disclosed. The system addresses the need for secure random number generation in applications requiring high levels of security, such as cryptographic protocols, authentication systems, and secure communications. Traditional pseudorandom number generators may be vulnerable to prediction or compromise, making them unsuitable for sensitive applications. This system enhances security by incorporating a cryptographically-secure pseudorandom number generator, which ensures that the generated numbers are unpredictable and resistant to attacks. The system includes a random number generator that produces outputs meeting cryptographic standards, such as those defined by NIST or other security organizations. The generator may use algorithms like AES-based or SHA-based cryptographic functions to ensure robustness. The system may also include input sources, such as hardware-based entropy sources, to further strengthen the randomness of the generated numbers. The cryptographically-secure pseudorandom number generator is integrated into a broader system that may include processing units, memory, and interfaces for distributing the generated numbers to other components or applications. By using a cryptographically-secure pseudorandom number generator, the system ensures that the random numbers produced are suitable for security-critical operations, such as key generation, encryption, and authentication. This prevents vulnerabilities that could arise from predictable or weak random number generation, thereby enhancing the overall security of the system. The system may be implemented in hardware, software, or a combination of both, depending on the specific requirements of the application.

Claim 11

Original Legal Text

11. The system of claim 7, wherein the second value is cryptographically stronger than the first value.

Plain English Translation

A system for enhancing cryptographic security in data processing involves generating and comparing cryptographic values to ensure stronger security measures. The system includes a processor and a memory storing instructions that, when executed, cause the processor to generate a first cryptographic value based on a first set of input data and a second cryptographic value based on a second set of input data. The second cryptographic value is cryptographically stronger than the first value, meaning it provides a higher level of security, such as increased resistance to attacks or more robust encryption. The system may also include a comparison module that evaluates the relationship between the first and second values to determine if the second value meets predefined security criteria. This comparison can involve checking computational complexity, key length, or algorithmic strength. The system may further include a validation module that verifies the integrity and authenticity of the cryptographic values, ensuring they have not been tampered with. The overall goal is to improve security in applications where data protection is critical, such as financial transactions, secure communications, or authentication systems. The system ensures that weaker cryptographic values are not used when stronger alternatives are available, thereby reducing vulnerabilities.

Claim 12

Original Legal Text

12. A non-transitory computer-readable storage medium storing executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least: generate, using a pseudorandom number, a first value; and establish a first secure connection using the first value; receive, over the first secure connection, a second value with a higher entropy than the first value; and use the second value to establish a second secure connection.

Plain English Translation

This invention relates to secure communication systems, specifically improving the initial establishment of secure connections by enhancing entropy in cryptographic key generation. The problem addressed is the vulnerability of low-entropy initial keys, which can be susceptible to brute-force attacks or other cryptographic weaknesses. The solution involves a two-phase secure connection process. First, a pseudorandom number is used to generate a low-entropy initial value, which is then used to establish a preliminary secure connection. Over this connection, a higher-entropy value is received, which is then used to establish a more robust second secure connection. This approach ensures that the initial connection, though less secure, is only temporary and is quickly replaced by a stronger connection based on higher-entropy keys. The method is particularly useful in systems where initial key generation may be constrained by hardware or environmental factors, such as low-power devices or resource-limited environments. The invention improves security by mitigating risks associated with low-entropy initial keys while maintaining practicality in real-world deployment scenarios.

Claim 13

Original Legal Text

13. The non-transitory computer-readable storage medium of claim 12, wherein the second value is generated using a random number generator.

Plain English Translation

A system and method for secure data processing involves generating cryptographic keys or values to enhance security in digital transactions or communications. The invention addresses vulnerabilities in key generation processes by ensuring unpredictability and resistance to attacks. A first value is generated using a deterministic algorithm, such as a hash function, based on input data. A second value is then generated using a random number generator to introduce unpredictability. The two values are combined to produce a final cryptographic key or value, which is used for encryption, authentication, or other security operations. The random number generator ensures that even if the deterministic algorithm is compromised, the final output remains secure due to the unpredictable second value. This approach improves resistance to brute-force attacks, replay attacks, and other security threats. The system may be applied in various security protocols, including blockchain, digital signatures, and secure communications. The use of a random number generator for the second value ensures that the final output is statistically unpredictable, enhancing overall system security.

Claim 14

Original Legal Text

14. The non-transitory computer-readable storage medium of claim 13, wherein the random number generator is an entropy service provided by a different system.

Plain English Translation

A system for generating cryptographic keys involves a non-transitory computer-readable storage medium containing instructions that, when executed, perform a method for key generation. The method includes receiving a request to generate a cryptographic key, generating a random number using a random number generator, and creating the cryptographic key based on the random number. The random number generator is an entropy service provided by a different system, ensuring that the randomness source is independent and potentially more secure. This approach enhances security by leveraging an external entropy service, which may provide higher-quality randomness or additional protection against attacks targeting the random number generation process. The system may also include additional steps such as validating the random number or the generated key to ensure compliance with cryptographic standards. The use of an external entropy service helps mitigate risks associated with local random number generation, such as predictability or insufficient entropy, thereby improving the overall security of the cryptographic key generation process.

Claim 15

Original Legal Text

15. The non-transitory computer-readable storage medium of claim 13, wherein the random number generator is a cryptographically-secure pseudorandom number generator.

Plain English Translation

A system and method for generating cryptographically-secure pseudorandom numbers in a computing environment. The invention addresses the need for secure random number generation in applications requiring high entropy and unpredictability, such as cryptographic protocols, secure communications, and authentication systems. The system includes a random number generator implemented as a cryptographically-secure pseudorandom number generator (CSPRNG) to produce random numbers that are resistant to prediction or manipulation. The CSPRNG is designed to meet cryptographic standards, ensuring that the generated numbers are statistically random and suitable for security-sensitive operations. The system may also include a hardware-based entropy source to seed the CSPRNG, enhancing its resistance to attacks. The method involves initializing the CSPRNG with a seed value derived from a high-entropy source, generating random numbers through a deterministic but unpredictable process, and outputting the numbers for use in cryptographic functions. The invention ensures that the generated numbers are both statistically random and computationally infeasible to predict, providing robust security for applications requiring reliable randomness.

Claim 16

Original Legal Text

16. The non-transitory computer-readable storage medium of claim 12, wherein the random number generator operates with higher entropy than the pseudorandom number generator.

Plain English Translation

This invention relates to cryptographic systems, specifically improving the security of random number generation in computing environments. The problem addressed is the vulnerability of pseudorandom number generators (PRNGs) to predictability, which can compromise cryptographic operations. Many systems rely on PRNGs for efficiency, but these can be reverse-engineered if their internal state is exposed, leading to security breaches. The invention describes a system that combines a pseudorandom number generator with a higher-entropy random number generator (RNG) to enhance security. The higher-entropy RNG provides a more unpredictable seed or input to the PRNG, making it resistant to state compromise extension (SCE) attacks. The system ensures that even if the PRNG's internal state is compromised, the higher-entropy RNG prevents full predictability of future outputs. This dual-generator approach balances performance and security, as the PRNG remains efficient while the higher-entropy RNG mitigates its weaknesses. The invention may be implemented in software, hardware, or firmware, and is particularly useful in cryptographic applications such as key generation, authentication, and secure communications. By integrating a higher-entropy source, the system ensures that random numbers used in security-critical operations remain unpredictable, even under adversarial conditions. This solution is applicable in environments where both performance and strong cryptographic security are required.

Claim 17

Original Legal Text

17. The non-transitory computer-readable storage medium of claim 12, wherein the first value is generated in response to a request from a client via a network connection; and the second value is provided to the client via the network connection.

Plain English Translation

A system and method for secure data transmission over a network involves generating and exchanging cryptographic values between a server and a client. The system generates a first cryptographic value in response to a request received from a client over a network connection. This first value is used to establish or verify secure communication parameters. The system then provides a second cryptographic value to the client over the same network connection, enabling the client to authenticate the server or establish a secure session. The cryptographic values may include keys, tokens, or other security parameters used in encryption, authentication, or session management protocols. The system ensures secure transmission by validating the client's request and generating the second value only after confirming the integrity of the network connection. This approach enhances security by preventing unauthorized access and ensuring that cryptographic operations are performed only between authenticated parties. The method is applicable in various networked environments, including web services, financial transactions, and secure communication systems.

Claim 18

Original Legal Text

18. The non-transitory computer-readable storage medium of claim 17, wherein the network connection is a secure communications connection established by the client, the secure communications connection terminating when the second value is provided to the client.

Plain English Translation

A system and method for secure network communication management involves establishing a secure connection between a client and a server. The client initiates a secure communications connection, which remains active until a specific termination condition is met. The system generates a first value and a second value, where the second value is derived from the first value. The first value is provided to the client, and the secure connection is maintained until the second value is delivered to the client. Once the second value is received, the secure connection is terminated. This approach ensures that the secure connection is only active for the duration necessary to complete the intended communication, enhancing security by minimizing exposure time. The system may also include additional features such as generating a unique identifier for the connection, validating the first and second values, and managing the connection lifecycle based on predefined rules. The method is particularly useful in environments where secure, time-limited communication is required, such as financial transactions, authentication processes, or sensitive data transfers.

Claim 19

Original Legal Text

19. The non-transitory computer-readable storage medium of claim 17, wherein the request is received by a web service interface associated with the computer system.

Plain English Translation

A system and method for processing requests in a computer system involves receiving a request through a web service interface. The request is validated to ensure it meets predefined criteria, such as proper formatting, authentication, and authorization. If the request is valid, the system processes it by executing one or more operations, such as retrieving, storing, or modifying data. The system then generates a response based on the processing results and transmits the response back to the requester. The web service interface acts as an intermediary, allowing external systems to interact with the computer system's functionality in a standardized manner. This approach ensures secure, efficient, and scalable request handling, particularly in distributed computing environments where multiple systems need to communicate and exchange data. The validation step prevents unauthorized or malformed requests from disrupting system operations, while the structured response format ensures consistency in data exchange. This method is useful in cloud computing, enterprise applications, and other scenarios requiring reliable inter-system communication.

Patent Metadata

Filing Date

Unknown

Publication Date

September 17, 2019

Inventors

Andrew Jeffrey Doane
Todd Lawrence Cignetti

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “ESTABLISHING ENTROPY ON A SYSTEM” (10419205). https://patentable.app/patents/10419205